CVE-2026-4823
Received Received - Intake
Information Disclosure via NTLM2 Handler in Iperius Backup

Publication date: 2026-03-25

Last updated on: 2026-04-29

Assigner: VulDB

Description
A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this vulnerability is an unknown functionality of the component NTLM2 Handler. Executing a manipulation can lead to information disclosure. The attack is restricted to local execution. Attacks of this nature are highly complex. The exploitation appears to be difficult. The exploit has been published and may be used. Upgrading to version 8.7.4 addresses this issue. Upgrading the affected component is advised. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-4823
EUVD
EUVD-2026-16005
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
enter_software iperius_backup to 8.7.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability in Enter Software Iperius Backup up to version 8.7.3 involves a flaw in the NTLM2 Handler component that can lead to information disclosure through local execution. While the description indicates potential information disclosure, it does not provide specific details on how this impacts compliance with standards such as GDPR or HIPAA.

Given the limited information, it is unclear whether this vulnerability directly affects compliance with data protection regulations, but any information disclosure vulnerability could potentially pose risks to compliance depending on the nature of the disclosed information.

Executive Summary

This vulnerability is a flaw found in Enter Software Iperius Backup up to version 8.7.3, specifically in an unknown functionality of the NTLM2 Handler component.

By manipulating this flaw, an attacker can cause information disclosure.

The attack requires local execution, is highly complex, and difficult to exploit.

The vendor has released a fixed version 8.7.4 to address this issue.

Impact Analysis

The vulnerability can lead to information disclosure if exploited.

However, exploitation is difficult and requires local access with high complexity.

The impact is limited to confidentiality, with no impact on integrity or availability.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade Enter Software Iperius Backup to version 8.7.4, which addresses the issue.

Since the attack requires local execution and is highly complex, ensuring that only trusted users have local access can also help reduce risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4823. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart